CVE-2012-2520

CVE	CVE-2012-2520
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2012-10-09 21:55:00 UTC
Updated	2018-10-12 22:03:00 UTC
Description	Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."

Problem Types: CWE-79

Type	Vendor	Product	Version	Update	Edition	Language
Application	Microsoft	Groove Server	2010	sp1	All	All
Application	Microsoft	Groove Server	2010	sp1	All	All
Application	Microsoft	Infopath	2007	sp2	All	All
Application	Microsoft	Infopath	2010	sp1	All	All
Application	Microsoft	Infopath	2007	sp2	All	All
Application	Microsoft	Infopath	2010	sp1	All	All
Application	Microsoft	Lync	2010	All	All	All
Application	Microsoft	Lync	2010	All	attendee	All
Application	Microsoft	Lync	2010	All	All	All
Application	Microsoft	Lync	2010	All	attendee	All
Application	Microsoft	Office Communicator	2007	r2	All	All
Application	Microsoft	Office Communicator	2007	r2	All	All
Application	Microsoft	Office Web Apps	2010	sp1	All	All
Application	Microsoft	Office Web Apps	2010	sp1	All	All
Application	Microsoft	Sharepoint Foundation	2010	sp1	All	All
Application	Microsoft	Sharepoint Foundation	2010	sp1	All	All
Application	Microsoft	Sharepoint Server	2007	sp2	All	All
Application	Microsoft	Sharepoint Server	2007	sp3	All	All
Application	Microsoft	Sharepoint Server	2010	sp1	All	All
Application	Microsoft	Sharepoint Server	2007	sp2	All	All
Application	Microsoft	Sharepoint Server	2007	sp3	All	All
Application	Microsoft	Sharepoint Server	2010	sp1	All	All
Application	Microsoft	Sharepoint Services	3.0	sp2	All	All
Application	Microsoft	Sharepoint Services	3.0	sp2	All	All

Reference	Source	Link	Tags
Microsoft Groove Server HTML Sanitizer Flaw Permits Cross-Site Scripting Attacks - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
Microsoft Office Communicator HTML Sanitizer Flaw Permits Cross-Site Scripting Attacks - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
Microsoft SharePoint HTML Sanitizer Flaw Permits Cross-Site Scripting Attacks - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
Repository / Oval Repository	OVAL	oval.cisecurity.org
Microsoft Security Bulletin MS12-066 - Important \| Microsoft Docs	MS	docs.microsoft.com
US-CERT Alert TA12-283A - Microsoft Updates for Multiple Vulnerabilities	CERT	www.us-cert.gov	Third Party Advisory, US Government Resource
Microsoft SharePoint And Microsoft Lync HTML Sanitization Cross Site Scripting Vulnerability	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
Microsoft Lync HTML Sanitizer Flaw Permits Cross-Site Scripting Attacks - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
Microsoft Office InfoPath HTML Sanitizer Flaw Permits Cross-Site Scripting Attacks - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.